Vadim Vetrov
452e640d9f
kmod -DNO_IPV6 packet filter
2025-01-12 01:45:31 +03:00
Vadim Vetrov
dfedde9aa8
Deglobalize struct config.
...
The new config structure allows implementing refcounting in the kernel module to
escape borderline cases on module exit or config hot swap.
2025-01-11 03:42:50 +03:00
Vadim Vetrov
1027240062
Fix old kernel versions builders
2025-01-10 14:41:16 +03:00
Vadim Vetrov
351bbfb097
Use register_pernet_subsys for nf hook registration
2025-01-10 13:30:59 +03:00
Vadim Vetrov
2e67c161f8
Fix sni bruteforce when domain is at the end
2025-01-09 21:40:34 +03:00
Vadim Vetrov
d87ab29199
Use mallocs instead of NETBUF_ALLOC
...
malloc won't hurt when youtubeUnblock is processing the packet. But it
is better for kmod and way cleaner than the NETBUF_ALLOC defines.
2025-01-09 19:44:30 +03:00
Vadim Vetrov
9985fcea49
More verbose payload_split loggers
2025-01-09 18:31:38 +03:00
Vadim Vetrov
6393c11960
Use skb_copy_bits instead of skb_linearize
...
Encountered noticeable issues in performance caused by skb_linearize
2025-01-09 18:30:23 +03:00
Vadim Vetrov
9b58869864
Add --no-dport-filter flag
...
This flag allows reducing the amount of network packets to analyze.
2025-01-09 00:53:56 +03:00
Vadim Vetrov
37c8a798fd
Disallow to use --no-ipv6 in kernel space
2025-01-09 00:21:12 +03:00
Vadim Vetrov
16ba8801c1
Concurrency defenders in config parse and module destroy
...
This commit is part of the #213 fix.
In this issue, kernel module crashes on high bandwidth usage have been
reported. Part of the problem is concurrency usage: when the config gets
freed, callbacks keep depending on it.
2025-01-09 00:21:12 +03:00
Vadim Vetrov
cadec5a05c
Allow to disable conntrack in userspace
2025-01-09 00:20:20 +03:00
Vadim Vetrov
59581e91b2
Allow to disable conntrack in kernel module
2025-01-09 00:09:47 +03:00
Vadim Vetrov
84d47b8a3d
Add conntrack parse skeleton
2025-01-08 03:44:20 +03:00
Vadim Vetrov
a3bd918484
Update trace logging
2025-01-07 23:28:01 +03:00
Vadim Vetrov
7b321b5a2d
Use size_t instead of uint32_t
...
Encountered some cross-platform errors with uint_t-like length type
definition.
2025-01-07 13:51:07 +03:00
Vadim Vetrov
1b62bb6cb2
Fix segfault in parse_quic_decrypted
2025-01-07 13:26:29 +03:00
Vadim Vetrov
40e1101d68
Do not hide sni domains with tls disabled
2025-01-04 19:27:12 +03:00
Vadim Vetrov
71c105a900
Disable early approve with all domains
2025-01-04 19:25:05 +03:00
Vadim Vetrov
e852d37edb
Differ quic initial salt versions
2025-01-04 19:22:54 +03:00
Vadim Vetrov
e98bb5ecad
Implement sni-detection brute for QUIC
2025-01-04 17:47:49 +03:00
Vadim Vetrov
fff2309863
Rename parsed to parse in --udp-filter-quic
2025-01-04 01:25:02 +03:00
Vadim Vetrov
0b9bc8e72a
Add quic disassemble
...
Project all the CRYPTO messages to one buffer according to length/offset
2025-01-04 01:24:54 +03:00
Vadim Vetrov
2470c590fb
Fix tls sni ext in the end of the packet parser
2025-01-03 18:04:40 +03:00
Vadim Vetrov
b89c8a29ff
Fix default domain list
...
The default domain list may lead to conflicts in QUIC parse support in
some browsers. In particular, a QUIC drop for the googleapis domain may disable all QUIC.
2025-01-03 15:53:29 +03:00
Vadim Vetrov
0280fe383f
Add --udp-filter-quic=parse
...
This will enable QUIC decryption and parsing.
2025-01-03 15:52:53 +03:00
Vadim Vetrov
91e6825cb2
Fix error messages
2025-01-03 03:24:37 +03:00
Vadim Vetrov
43823cab57
Fix dvs for mangle tcp
2025-01-03 00:04:56 +03:00
Vadim Vetrov
ded8c49e4b
Add copyright notices
...
youtubeUnblock becomes bigger and copyright notices in each file will
make it easier for anyone to do something over it.
2025-01-02 22:28:29 +03:00
Vadim Vetrov
b11a183bb3
Connect QUIC decryption to UDP processing
2025-01-02 20:37:34 +03:00
Vadim Vetrov
e5153e9186
Remaster tls parser for quic crypto
2025-01-02 19:09:27 +03:00
Vadim Vetrov
5c84f2e9b5
Add crypto files
2025-01-02 01:28:25 +03:00